Claims

1. A method of inter-area rekeying of encryption keys in secure mobile
multicast communications, in which a Domain Group Controller Key
Server (Domain GCKS) distributes Traffic Encryption Keys (TEK) to a
plurality of local Group Controller Key Servers (local GCKS) serving
respective group key management areas, and said local Group Controller
Key Servers forward said Traffic Encryption Keys, encrypted using Key
Encryption Keys (KEKi, KEKj) that are specific to the respective local
Group Controller Key Server (local GCKSi, GCKSj), to group members
situated in the respective group key management areas, said local Group
Controller Key Servers (GCKSi, GCKSj) constituting Extra Key Owner
Lists (EKOLi, EKOLj) for said group key management areas (areai, areaj)
that distinguish group members (MMi, MMj) possessing Key Encryption
Keys (KEKi, KEKj) and situated in the corresponding group key
management area (areai, areaj) from group members (MMij) possessing
Key Encryption Keys (KEKi) that were situated in the corresponding group
key management area (areai) but are visiting another area (areaj),

characterised in that said local Group Controller Key Servers forward said
Traffic Encryption Keys (TEK) to group members (MMij) visiting the
respective group key management areas (areaj) encrypted using a Visitor
Encryption Key (VEKj) that is specific to the respective local Group
Controller Key Server (GCKSj) and is different from said Key Encryption
Key (KEKj).

2. A method as claimed in claim 1, and comprising rekeying said Traffic
Encryption Keys (TEK) after rekeying said Key Encryption Key (KEKi,
KEKj).

3. A method as claimed in claim 1 or 2, wherein said local Group Controller
Key Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEKi, KEKj) by
a process including sending a new Key Encryption Key (KEKi, KEKj) to
current group members encrypted using the current Key Encryption Key
(KEKi, KEKj) and to visiting group members using the Visitor Encryption
Key (VEKi, VEKj).

4. A method as claimed in claim 1 or 2, wherein said local Group Controller
Key Server GCKSi sends the Visitor Encryption Key (VEKj) rather than the
Key Encryption Key (KEKj) to new members joining the group via areai.

5. A method as claimed in claim 3, wherein said local Group Controller Key
Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEKi, KEKj) by a
process including sending said new Key Encryption Key (KEKi, KEKj)
selectively to existing group members situated in the corresponding group
key management area (areai, areaj).

6. A method as claimed in claim 3 or 5, wherein said local Group Controller
Key Servers (GCKSi, GCKSj) rekey a Key Encryption Key (KEKi, KEKj) by
a process including sending said new Key Encryption Key (KEKi, KEKj) to
existing group members using multicast messages and to visiting group
members over a different secure channel.

7. A method as claimed in any of claims 3 to 6, wherein rekeying a Key
Encryption Key (KEKi, KEKj) comprises said local Group Controller Key
Servers (GCKSi, GCKSj) sending a new Key Encryption Key (KEKi, KEKj)
selectively to current group members currently situated in the
corresponding group key management areas (areai, areaj).

8. A method as claimed in any preceding claim and including said local
Group Controller Key Servers (GCKSi, GCKSj) constituting Visitor Key
Owner Lists (VKOLi, VKOLj) for said group key management areas (areai,
areaj) that distinguish group members (MMi, MMj) possessing Visitor
Encryption Keys (VEKi, VEKj) and situated in the corresponding group key
management area (areai, areaj) from group members (MMij) possessing
Visitor Encryption Keys (VEKj) that were situated in the corresponding
group key management area (areai) but are visiting another area (areaj).

9. A method as claimed in claim 8 wherein said Extra Key Owner Lists
(EKOLi, EKOLj) and said Visitor Key Owner Lists (VKOLi, VKOLj)
comprise lists of the group members (MMij) possessing Key Encryption
Keys (KEKi), respectively Visitor Encryption Keys (VEKi, VEKj), that were
situated in the corresponding group key management area (areai) but are
visiting another area (areaj).

10. A method as claimed in any preceding claim, wherein a group member
(MMij) that was visiting another group key management area (areaj)
returns to an area (areai) for which it possesses a corresponding Key
Encryption Key (KEKi) or Visitor Encryption Key (VEKj) before expiry of a
validity period set by the corresponding Group Controller Key Server
(GCKSi) without said corresponding Group Controller Key Server (GCKSi)
rekeying said Key Encryption Key (KEKi).
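
Added illustration, not part of the patent text: a Python model of claims 1, 2 and 5 for a single area, showing that a visitor holding only VEKj recovers every TEK but can open neither the KEKj-wrapped copy nor a KEKj rekey message. The class `LocalGCKS`, the helper names and the HMAC-SHA256 toy key wrap are assumptions standing in for whatever key-wrap cipher a deployment uses.

```python
import hashlib, hmac, os

def _prf(key, label, data):
    return hmac.new(key, label + data, hashlib.sha256).digest()

def wrap(kek, key):
    # Toy authenticated wrap of a 32-byte key (assumption, not the patent's cipher).
    nonce = os.urandom(16)
    ct = bytes(a ^ b for a, b in zip(key, _prf(kek, b"enc", nonce)))
    return nonce + ct + _prf(kek, b"mac", nonce + ct)

def unwrap(kek, blob):
    # Returns the wrapped key, or None if the tag does not verify under kek.
    nonce, ct, tag = blob[:16], blob[16:48], blob[48:]
    if not hmac.compare_digest(tag, _prf(kek, b"mac", nonce + ct)):
        return None
    return bytes(a ^ b for a, b in zip(ct, _prf(kek, b"enc", nonce)))

class LocalGCKS:  # hypothetical model of GCKSj, the key server of areaj
    def __init__(self):
        self.kek = os.urandom(32)  # KEKj: held by members situated in areaj
        self.vek = os.urandom(32)  # VEKj: held by visitors, different from KEKj

    def forward_tek(self, tek):
        # Claim 1: the TEK goes out once under KEKj and once under VEKj.
        return {"residents": wrap(self.kek, tek), "visitors": wrap(self.vek, tek)}

    def rekey_kek(self):
        # Claim 5: new KEKj only to members in areaj, under the current KEKj.
        new = os.urandom(32)
        msg = wrap(self.kek, new)
        self.kek = new
        return msg

def demo():
    gcks = LocalGCKS()
    resident_key, visitor_key = gcks.kek, gcks.vek  # constructed key holdings
    tek1, tek2 = os.urandom(32), os.urandom(32)     # constructed sample TEKs
    out1 = gcks.forward_tek(tek1)
    first = (unwrap(resident_key, out1["residents"]) == tek1,
             unwrap(visitor_key, out1["visitors"]) == tek1,
             unwrap(visitor_key, out1["residents"]) is None)
    resident_key = unwrap(resident_key, gcks.rekey_kek())  # KEK rekey first,
    out2 = gcks.forward_tek(tek2)                          # then TEK (claim 2)
    second = (unwrap(resident_key, out2["residents"]) == tek2,
              unwrap(visitor_key, out2["visitors"]) == tek2)
    return first, second
```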



